Thanks Angel, I followed your advice and have now used the host command; the outputs are:

host midominio.com.ve / shows:
    midominio.com.ve has address 1.1.1.1

host 1.1.1.1 / shows:
    1.1.1.1.in-addr.arpa has no PTR record

host 1.1.1.1 8.8.8.8 / shows:
    Using domain server:
    Name: 8.8.8.8
    Address: 8.8.8.8#53
    Aliases:

    1.1.1.1.in-addr.arpa domain name pointer server.vps.com.

host 1.1.1.1 127.0.0.1 / shows:
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases:

    1.1.1.1.in-addr.arpa has no PTR record

host -a midominio.com.ve / shows:
    Trying "midominio.com.ve"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61759
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;midominio.com.ve.              IN      ANY

    ;; ANSWER SECTION:
    midominio.com.ve.       38400   IN      SOA     server.vps.com. administrator.midominio.com.ve. 1432340096 10800 3600 604800 38400
    midominio.com.ve.       38400   IN      NS      ns1.midominio.com.ve.
    midominio.com.ve.       38400   IN      NS      ns2.midominio.com.ve.
    midominio.com.ve.       38400   IN      NS      server.vps.com.
    midominio.com.ve.       38400   IN      A       1.1.1.1

    ;; ADDITIONAL SECTION:
    ns1.midominio.com.ve.   38400   IN      A       1.1.1.2
    ns2.midominio.com.ve.   38400   IN      A       1.1.1.3
In the zone configuration I have:

zone "1.1.1.1.in-addr.arpa" { type master; file "/var/named/1.1.1.1.in-addr.arpa"; };

and in /var/named/1.1.1.1.in-addr.arpa:

@       IN SOA  server.vps.com. administrator.midominio.com.ve. (
                1432340094 10800 3600 604800 38400 )
@       IN NS   server.vps.com.
ns1     IN NS   midominio.com.ve.
ns2     IN NS   midominio.com.ve.
20      IN PTR  midominio.com.ve.

and in /var/named/midominio.com.ve.hosts:

$ttl 38400
midominio.com.ve.   IN SOA  server.vps.com. administrator.midominio.com.ve. (
                    1432340096 10800 3600 604800 38400 )
                    IN NS   server.vps.com.
                    IN NS   ns1.midominio.com.ve.
                    IN NS   ns2.midominio.com.ve.
@                   IN A    1.1.1.1
ns1                 IN A    1.1.1.2
ns2                 IN A    1.1.1.3
www                 IN CNAME midominio.com.ve.
1.1.1.1.midominio.com.ve.   IN PTR midominio.com.ve
What could I still be missing? Sorry for the trouble,

Regards,
Wilmer.
When "host IP" returns the message "in-addr.arpa has no PTR record", it means that *REVERSE resolution* is not working properly!...

Once forward and reverse resolution are both working, all that's left is to add whatever extra parameters you need, such as TXT records for mail authentication and so on...

Regards!
2015-05-22 22:51 GMT-05:00 Wilmer Arambula tecnologiaterabyte@gmail.com:
_______________________________________________
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
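Angel's point about reverse resolution, as an added check that is not part of the original posts: the Python below reads a forward zone and a reverse zone in master-file format and reports, for each A record, whether the reverse zone can serve its PTR at all, because the PTR name for 1.1.1.2 is 2.1.1.1.in-addr.arpa, which a zone cut at 1.1.1.1.in-addr.arpa cannot contain; the zone that holds all three addresses is 1.1.1.in-addr.arpa, which for provider-assigned addresses is run by the provider unless it delegates it. parse_zone is a minimal reader rather than BIND's parser, and the zone texts, including the corrected reverse zone, are constructed inputs modelled on the files in this thread.

```python
import ipaddress
import re
def parse_zone(text, origin):
    """Minimal master-file reader (assumed here, not BIND's parser): returns (owner, type,
    rdata) with names made absolute under origin. Handles '@', relative names, owner-less
    continuation lines, ';' comments and the SOA parentheses."""
    text = re.sub(r';[^\n]*', '', text)
    text = re.sub(r'\([^)]*\)', '', text, flags=re.S)   # SOA timers are not needed here
    fq = lambda n: origin if n == '@' else (n if n.endswith('.') else f'{n}.{origin}')
    records, owner = [], origin
    for line in text.splitlines():
        toks = line.split()
        if not toks or toks[0].startswith('$'):
            continue
        if not line[0].isspace():                    # this line names a new owner
            owner = fq(toks.pop(0))
        while toks and (toks[0] == 'IN' or toks[0].isdigit()):
            toks.pop(0)                              # optional class and TTL
        rtype, rdata = toks[0], toks[1:]
        if rtype in ('NS', 'PTR', 'CNAME'):
            rdata = [fq(rdata[0])]
        records.append((owner, rtype, rdata))
    return records

def check_reverse(forward, forward_origin, reverse, reverse_origin):
    """For every A record in the forward zone, can the reverse zone answer its PTR?
    The PTR owner must lie inside the reverse zone and point back at the A owner."""
    ptrs = {o: r[0] for o, t, r in parse_zone(reverse, reverse_origin) if t == 'PTR'}
    report = {}
    for owner, rtype, rdata in parse_zone(forward, forward_origin):
        if rtype != 'A':
            continue
        want = ipaddress.ip_address(rdata[0]).reverse_pointer + '.'
        if want != reverse_origin and not want.endswith('.' + reverse_origin):
            report[owner] = f'{want} is outside zone {reverse_origin}'
        elif ptrs.get(want) != owner:
            report[owner] = f'no PTR {want} -> {owner} (have {ptrs.get(want)})'
        else:
            report[owner] = 'ok'
    return report

# Constructed inputs modelled on the zone files posted in this thread.
FORWARD = """$ttl 38400
@    IN SOA ns1.midominio.com.ve. administrator.midominio.com.ve. ( 1 10800 3600 1209600 38400 )
     IN NS ns1.midominio.com.ve.
@    IN A 1.1.1.1
ns1  IN A 1.1.1.2
ns2  IN A 1.1.1.3"""
AS_POSTED = "@ IN A 1.1.1.1\n90 IN PTR ns1.midominio.com.ve.\n91 IN PTR ns2.midominio.com.ve."
CORRECTED = "1 IN PTR midominio.com.ve.\n2 IN PTR ns1.midominio.com.ve.\n3 IN PTR ns2.midominio.com.ve."
```

Run check_reverse(FORWARD, 'midominio.com.ve.', AS_POSTED, '1.1.1.1.in-addr.arpa.') to see the two name servers reported as outside the zone, and the same call with CORRECTED and '1.1.1.in-addr.arpa.' to see every address report 'ok'.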
Sorry for being such a bother, but I honestly can't find the error.

I've now got host 1.1.1.1 / showing: 1.1.1.1.in-addr.arpa domain name pointer server.vps.com., but I still can't ping it, and I have neither SELinux nor any firewall installed;
my configuration is:

*named.conf:*

server.vps.com, ip = 1.1.1.1
ns1.midominio.com.ve, ip = 1.1.1.2
ns2.midominio.com.ve, ip = 1.1.1.3
options {
        listen-on port 53 { localhost; 1.1.1.1; 1.1.1.2; 1.1.1.3; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        allow-query     { localhost; 1.1.1.1; 1.1.1.2; 1.1.1.3; };
        allow-update    { localhost; 1.1.1.1; 1.1.1.2; 1.1.1.3; };
        allow-transfer  { localhost; 1.1.1.1; 1.1.1.2; 1.1.1.3; };
        forwarders      { 4.2.2.2; 8.8.8.8; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug { file "data/named.run"; severity dynamic; };
};

zone "." IN { type hint; file "named.ca"; };

zone "midominio.com.ve" { type master; file "/var/named/midominio.com.ve.hosts"; };

zone "1.1.1.1.in-addr.arpa" { type master; file "/var/named/1.1.1.1.in-addr.arpa"; };

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*midominio.com.ve.hosts:*

$ttl 38400
midominio.com.ve.   IN SOA  server.vps.com. administrator.midominio.com.ve. (
                    1432340100 10800 3600 604800 38400 )
                    IN NS   server.vps.com.
                    IN NS   ns1.midominio.com.ve.
                    IN NS   ns2.midominio.com.ve.
@                   IN A    1.1.1.1
ns1                 IN A    1.1.1.2
ns2                 IN A    1.1.1.3
www                 IN CNAME midominio.com.ve.
1.1.1.1.midominio.com.ve.   IN PTR midominio.com.ve.

*1.1.1.1.in-addr.arpa:*

@       IN SOA  server.vps.com. administrator.midominio.com.ve. (
                1432340094 10800 3600 604800 38400 )
        IN NS   server.vps.com.
        IN NS   ns1.midominio.com.ve.
        IN NS   ns1.midominio.com.ve.
@       IN PTR  server.vps.com.
@       IN A    1.1.1.1
ns1     IN A    1.1.1.2
ns2     IN A    1.1.1.3
90      IN PTR  ns1.midominio.com.ve.
91      IN PTR  ns2.midominio.com.ve.
and in the *nic.ve http://nic.ve* admin panel I first registered the IPs under own DNS servers:

ns1.midominio.com.ve, ip = 1.1.1.2
ns2.midominio.com.ve, ip = 1.1.1.3

*/etc/hosts:*

server.vps.com

*/etc/resolv.conf:*

search midominio.com.ve server.vps.com
nameserver 127.0.0.1
nameserver 4.2.2.2
nameserver 8.8.8.8

In the *donweb* admin panel, where I have *vps.com http://vps.com* registered, I have:

vps.com, ip = 1.1.1.1: server.vps.com, ip = 1.1.1.1; dns = ns1.donweb.com, ns2.donweb.com

I don't understand what's wrong or why I can't ping it from outside,

Regards,
Wilmer.
Well, after more trying and reading *(and thanks to Angel Jauregui's recommendations)* and testing with the tool at http://www.dnsstuff.com/tools to check the domain's DNS, I managed to configure it correctly, or at least I think so. I'll leave this configuration here in case it helps someone else, and if there are suggestions to improve it and make it more secure, all the better:

*1.- VPS IPs:*

- 1.1.1.1 *(server.vps.com http://server.vps.com)*, 1.1.1.2 *(ns1.midominio.com.ve http://ns1.midominio.com.ve)*, 1.1.1.3 *(ns2.midominio.com.ve http://ns2.midominio.com.ve)*.

*2.- Hostname:*

- server.vps.com

*3.- /etc/hosts:*

# Auto-generated hostname. Please do not remove this comment.
127.0.0.1   localhost.localdomain localhost localhost4.localdomain4 localhost4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
1.1.1.1     server.vps.com

*4.- /etc/resolv.conf:*

search midominio.com.ve
# localhost
nameserver 127.0.0.1
# VPS provider's DNS
nameserver 4.2.2.2
# Google DNS
nameserver 8.8.8.8
*5.- /etc/named.conf:*

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

acl "trusted" {
        /*
         * You might put in here some ips which are allowed to use the cache or
         * recursive queries
         */
        127.0.0.0/8;
        ::1/128;
};

acl "xfer" {
        /*
         * Deny transfers by default except for the listed hosts.
         * If we have other name servers, place them here.
         */
        // Authorized IPs - for your name servers.
        1.1.1.2;
        1.1.1.3;
};

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { none; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        allow-query {
                /*
                 * Accept queries from our "trusted" ACL. We will
                 * allow anyone to query our master zones below.
                 * This prevents us from becoming a free DNS server
                 * to the masses.
                 */
                trusted;
        };
        allow-query-cache {
                /* Use the cache for the "trusted" ACL. */
                trusted;
        };
        allow-recursion {
                /* Only trusted addresses are allowed to use recursion. */
                trusted;
        };
        allow-transfer {
                /* Zone transfers are denied by default. */
                xfer;
        };
        allow-update {
                /* Don't allow updates, e.g. via nsupdate. */
                none;
        };

        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug { file "data/named.run"; severity dynamic; };
};

zone "." IN { type hint; file "named.ca"; };

include "/etc/named.zones";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
*6.- /etc/named.zones:*

zone "midominio.com.ve" {
        type master;
        file "/var/named/midominio.com.ve.hosts";
        /* Anybody is allowed to query but transfer should be controlled by the master. */
        allow-query { any; };
        allow-transfer { xfer; };
};

zone "1.1.1.1.in-addr.arpa" {
        type master;
        file "/var/named/1.1.1.1.in-addr.arpa";
        /* Anybody is allowed to query but transfer should be controlled by the master. */
        allow-query { any; };
        allow-transfer { xfer; };
};
*7.- /var/named/midominio.com.ve.hosts:*

$ttl 38400
midominio.com.ve.   IN SOA  ns1.midominio.com.ve. administrator.midominio.com.ve. (
                    2015113003  ; the serial must use the YYYYMMDDnn format given in the standard (*rfc1912*)
                    10800
                    3600
                    1209600
                    38400 )
                    IN NS   ns1.midominio.com.ve.
                    IN NS   ns2.midominio.com.ve.
@                   IN A    1.1.1.1
ns1                 IN A    1.1.1.2
ns2                 IN A    1.1.1.3
www                 IN CNAME midominio.com.ve.
1.1.1.1.midominio.com.ve.   IN PTR midominio.com.ve.

*8.- /var/named/1.1.1.1.in-addr.arpa:*

$ttl 38400
@       IN SOA  ns1.midominio.com.ve. administrator.midominio.com.ve. (
                2015113001  ; the serial must use the YYYYMMDDnn format given in the standard (*rfc1912*)
                10800
                3600
                1209600
                38400 )
        IN NS   ns1.midominio.com.ve.
        IN NS   ns2.midominio.com.ve.
@       IN A    1.1.1.1
ns1     IN A    1.1.1.2
ns2     IN A    1.1.1.3
90      IN PTR  ns1.midominio.com.ve.
91      IN PTR  ns2.midominio.com.ve.
This is as far as I've got so far; I'm going to look into how to create a slave zone for the DNS server, and how to fix the following points that DNSSTUFF reports:

1.- No stealth nameservers to test. This is simply a note to indicate that you do not have any stealth nameservers to test, which is what is normally expected of domains.

2.- Domain has a WWW hostname provided through one or more CNAME lookups, which will slow down clients attempting to resolve this host.
    www.midominio.com.ve. | midominio.com.ve. | 38400
    midominio.com.ve. | 1.1.1.1 | 38400

3.- No DNSSEC records created for this zone. Many major institutions and government agencies are planning to move to DNSSEC. You may want to consider an implementation plan for the zone specified. If you implemented DNSSEC for your zone we would be able to run further tests.

4.- This domain does not have an SPF record, nor an SPF formatted TXT record. SPF stands for Sender Policy Framework and is intended as an anti-forgery email solution (See RFC4408 http://www.dnsstuff.com/tools#rfcLookup|type=rfc&&value=4408). Many spammers have adopted this mechanism and SPF records alone may not be sufficient to stop spam.

As I fix things and get it perfect I'll keep updating; if anyone else wants to collaborate to turn this post into a guide for people without prior knowledge, so they can understand in a simpler way how to configure a BIND DNS server,

Regards,
Wilmer.
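One difference between the two named.conf versions in this thread is what the global allow-query covers: the earlier one listed only localhost and the server's own addresses with no per-zone override, so outside resolvers were refused for the authoritative zones, while this version restricts recursion to the "trusted" ACL and opens allow-query { any; } on the master zones only. The added Python below (not from the original posts) pulls those ACLs out of a named.conf text and flags a master zone that outside resolvers cannot query, or recursion reachable from any; the two fragments are constructed from the configurations above, and named ACLs are not expanded, so only the literal word any counts.

```python
import re
def _block(text, i):
    """Text inside the '{' at index i, up to its matching '}'."""
    depth = 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces")

def _acl(body, name):
    """Address list of `name { a; b; };` in body, or None when absent."""
    m = re.search(r'(?<![\w-])%s\s*\{' % name, body)
    return [t for t in re.split(r'[;\s]+', _block(body, m.end() - 1)) if t] if m else None

def _word(body, name, default):
    """Value of `name value;` in body, or default when absent."""
    m = re.search(r'(?<![\w-])%s\s+([\w.-]+)\s*;' % name, body)
    return m.group(1) if m else default

def audit_named_conf(conf):
    """Findings about zone reachability and open recursion for a named.conf text."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*', '', conf, flags=re.S)   # strip comments
    m = re.search(r'(?<![\w-])options\s*\{', conf)
    opts = _block(conf, m.end() - 1) if m else ''
    g_query = _acl(opts, 'allow-query') or ['any']               # BIND default: any
    # BIND derives allow-recursion from allow-query-cache, then allow-query
    g_rec = (_acl(opts, 'allow-recursion') or _acl(opts, 'allow-query-cache')
             or _acl(opts, 'allow-query') or ['localhost', 'localnets'])
    findings = []
    if _word(opts, 'recursion', 'yes') == 'yes' and 'any' in g_rec:
        findings.append('open resolver: recursion is allowed from any')
    for zm in re.finditer(r'(?<![\w-])zone\s+"([^"]+)"[^{]*\{', conf):
        name, body = zm.group(1), _block(conf, zm.end() - 1)
        if _word(body, 'type', '') != 'master':
            continue        # hint/slave zones are not what outside resolvers ask us for
        if 'any' not in (_acl(body, 'allow-query') or g_query):
            findings.append(f'zone {name}: allow-query is not any, so outside '
                            'resolvers cannot look up this authoritative zone')
    return findings

# Constructed fragments modelled on the two named.conf versions in this thread.
BEFORE = '''options { allow-query { localhost; 1.1.1.1; 1.1.1.2; 1.1.1.3; };
  forwarders { 4.2.2.2; 8.8.8.8; }; recursion yes; };
zone "." IN { type hint; file "named.ca"; };
zone "midominio.com.ve" { type master; file "/var/named/midominio.com.ve.hosts"; };'''
AFTER = '''acl "trusted" { 127.0.0.0/8; ::1/128; };
options { allow-query { trusted; }; allow-recursion { trusted; }; recursion yes; };
zone "midominio.com.ve" { type master; file "/var/named/midominio.com.ve.hosts"; allow-query { any; }; };'''
```

audit_named_conf(BEFORE) returns the single finding for midominio.com.ve, and audit_named_conf(AFTER) returns an empty list.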
And your ports? Scan your server from outside.
2015-05-23 7:49 GMT-05:00 Wilmer Arambula tecnologiaterabyte@gmail.com: